[c-nsp] NAT on ASR1000

Tassos Chatzithomaoglou achatz at forthnet.gr
Thu Apr 9 08:51:38 EDT 2009 

We're also evaluating the ASR platform and besides 4 new bugs and 3 not supported features we have found, 
performance-wise ASR seems like a little monster. RLS5 or RLS6 will probably be our first production release. On the 
other hand, online documentation is missing a lot of stuff :(

While trying to stress the CPU, i was somewhat disappointed by the fact that "sh parser dump exec | i 
something-that-does-not-exist" makes the CPU go nuts for over 1 hour! IOS should include an option in order to produce a 
warning after x minutes of cli-command-given-but-no-output-returned.

--
Tassos

Rodney Dunn wrote on 07/04/2009 19:56:
> sh plat software status control-processor brief 
> Load Average
>  Slot  Status  1-Min  5-Min 15-Min
>   RP0 Healthy   0.00   0.04   0.01
>  ESP0 Healthy   0.00   0.00   0.00
>  SIP0 Healthy   0.02   0.02   0.00
> 
> Memory (kB)
>  Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
>   RP0 Healthy  3711920  1525468 (36%)  2186452 (52%)   2438180 (59%)
>  ESP0 Healthy  2024492   527680 (25%)  1496812 (71%)   2807552 (133%)
>  SIP0 Healthy   480084   287860 (54%)   192224 (36%)    199468 (38%)
> 
> CPU Utilization
>  Slot  CPU   User System   Nice   Idle    IRQ   SIRQ IOwait
>   RP0    0   2.15   1.54   0.00  96.25   0.01   0.03   0.00
>  ESP0    0   0.57   0.60   0.00  98.80   0.00   0.01   0.00
>  SIP0    0   0.30   0.41   0.00  99.25   0.00   0.01   0.00
> 
> 
> It's a live network I worked on over the weekend. It's a pretty high
> rate short lived session network.
> 
> We set the timeouts down:
> 
> ip nat translation timeout 1800
> ip nat translation tcp-timeout 900
> ip nat translation udp-timeout 150
> ip nat translation dns-timeout 30
> 
> show platform hardware cpp active infrastructure exmem statistics
> 
> and there is a lot of QFP memory left:
> 
> Type: Name: IRAM, CPP: 0
>   Total: 134217728
>   InUse: 4779008
>   Free: 128974848
>   Free protected: 463872
>   Free unprotected: 0
>   Lowest free water mark: 129438720
>   Largest free block: 99537920
> Type: Name: DRAM, CPP: 0
>   Total: 402653184
>   InUse: 190609408
>   Free: 209715200
>   Free protected: 598016
>   Free unprotected: 1730560
>   Lowest free water mark: 212043776
>   Largest free block: 210233344
> 
> On Tue, Apr 07, 2009 at 07:02:52PM +0300, Tassos Chatzithomaoglou wrote:
>> Rodney, can you do a "sh plat soft stat contr br"?
>>
>> --
>> Tassos
>>
>> Rodney Dunn wrote on 07/04/2009 18:46:
>>> Few bugs still being worked through but the 72xx and 76xx croaked
>>> under the load:
>>>
>>> ASR1002ESP10#sh proc cpu sort | excl 0.00
>>> CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
>>> PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process 
>>> ASR1002ESP10#sh ip nat stat
>>> Total active translations: 92367 (80 static, 92287 dynamic; 92287 extended)
>>> Outside interfaces:
>>>  GigabitEthernet0/0/0, Tunnel1
>>> Inside interfaces: 
>>>  GigabitEthernet0/0/1, GigabitEthernet0/0/2
>>> Hits: 0  Misses: 0
>>> CEF Translated packets: 0, CEF Punted packets: 0
>>> Expired translations: 87400847
>>>
>>>
>>> that's on 12.2(33)XNC and I just filed one bug.
>>>
>>> CSCsy93931 ASRNAT does not do FIN/RST/SYN timeout when no-payload keyword 
>>> used
>>>
>>>
>>> My first work on the box with NAT but this thing seems pretty impressive.
>>>
>>> Anyone else using it for high scale nat yet?
>>>
>>> Rodney
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>

More information about the cisco-nsp mailing list